The present invention relates in general to security of a computer network, and, more specifically, to a computer network security system for preventing unauthorized access to network resources using biometrics.
Biometric authentication involves the use of physical and/or behavioral characteristics of individuals to identify them and to control access to places or things, such as ATMs or other computerized equipment, or more specifically, applications running on that equipment. Biometrics has certain advantages over conventional authentication techniques (e.g., user IDs and passwords, PIN codes, and encoded identification cards) since there is nothing to remember or to carry which might be stolen. Among the many biometric technologies in use are fingerprint analysis, hand geometry analysis, retina scanning, iris scanning, signature analysis, facial recognition, keystroke analysis, and voice analysis.
Based on an original measurement of a biometric characteristic (i.e., enrollment), a person's identity can thereafter be verified automatically when that person requests access to a computer application or other resource, by re-sampling the characteristic and comparing the new biometric data with the enrollment data. If a sufficiently close match is found, then the identity is verified. In addition to verification of an identity, biometric systems can also be employed to compare biometric data from an unidentified person with a database of biometric samples of a group of individuals in order to potentially identify that person from the group.
After a biometric sensor acquires raw data of a desired characteristic, the data is typically processed mathematically in order to extract and format the meaningful features and to compress the data. Comparison of the processed verification or identification data with previously processed and stored enrollment data typically involves a mathematical analysis to quantify the “closeness” of the two data samples. A sensitivity threshold is chosen to delineate how close the samples must be in order to call them a match.
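The enrollment, verification (1:1) and identification (1:N) steps described above, with feature extraction, a closeness measure and a sensitivity threshold, as an added illustrative example that is not part of the patent text. The feature extraction (block averaging plus unit-length normalization), the distance measure and all sample values are constructed assumptions, not any particular biometric algorithm.

```python
"""Constructed example: templates are fixed-length feature vectors; "closeness"
is a normalized Euclidean distance in [0, 1], where 0.0 is an exact match."""
import math


def extract_features(raw: list[float], n_features: int = 4) -> list[float]:
    """Compress a raw sample into n_features block averages, then normalize
    to unit length so the comparison is insensitive to overall signal scale."""
    block = len(raw) // n_features
    if block == 0:
        raise ValueError("raw sample too short for the requested feature count")
    feats = [sum(raw[i * block:(i + 1) * block]) / block for i in range(n_features)]
    norm = math.sqrt(sum(f * f for f in feats)) or 1.0
    return [f / norm for f in feats]


def closeness(a: list[float], b: list[float]) -> float:
    """Distance between two unit-length templates, scaled to [0, 1]."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b))) / 2.0


def verify(enrolled: list[float], probe: list[float], threshold: float) -> bool:
    """1:1 check: the claimed identity is accepted if the probe lies within
    the sensitivity threshold of the enrolled template. A tighter threshold
    rejects more impostors but also rejects more genuine users."""
    return closeness(enrolled, probe) <= threshold


def identify(probe: list[float], database: dict[str, list[float]], threshold: float):
    """1:N search: return the id of the closest enrolled template if it lies
    within the threshold, otherwise None (no one in the group matched)."""
    best_id, best_d = None, None
    for uid, template in database.items():
        d = closeness(template, probe)
        if best_d is None or d < best_d:
            best_id, best_d = uid, d
    return best_id if best_d is not None and best_d <= threshold else None


# Constructed enrollment samples (8 raw readings each) for two hypothetical users.
ENROLLMENT = {
    "alice": extract_features([1.0, 1.0, 2.0, 2.0, 3.0, 3.0, 4.0, 4.0]),
    "bob": extract_features([4.0, 4.0, 3.0, 3.0, 2.0, 2.0, 1.0, 1.0]),
}
# Constructed re-sampling of alice with sensor noise; closeness to her template is about 0.023.
PROBE = extract_features([1.2, 1.0, 2.1, 2.3, 2.8, 3.0, 4.4, 4.0])

if __name__ == "__main__":
    print("verify alice @0.05:", verify(ENROLLMENT["alice"], PROBE, 0.05))
    print("verify alice @0.01:", verify(ENROLLMENT["alice"], PROBE, 0.01))
    print("identify @0.05:", identify(PROBE, ENROLLMENT, 0.05))
```

Running it shows the threshold trade-off directly: the same genuine probe is accepted at 0.05 and rejected at 0.01, while bob's template is rejected at either setting.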
Biometric authentication systems have been specifically adapted to provide a secure interface to computer software applications and their data. The biometric security packages have concentrated on controlling access to the software applications because the protection of applications and their data is a primary focus for owners of sensitive information. In most business environments (and increasingly in residential settings), computing resources are connected within networks, such as local area networks (LANs) and wide area networks (WANs). Existing biometric security packages can be used in a network environment for controlling access to the protected software applications from other points in the network.
With the advancement of computer networking hardware and operating system support for networking, it has become easy to connect a computer to a network and configure it for use within the network. In particular, the use of wireless access points in a network provides opportunities for unauthorized access into a network (e.g., a LAN) when the coverage area of the wireless access point includes public areas. In addition, hardwired LAN connections in corporate intranets are sometimes available in loosely controlled areas of company facilities such as conference rooms, visitors' offices, and vacant offices. Although applications residing on the network may be protected by various security measures (including biometrics), it is difficult to ensure that there are no unprotected areas within a particular network that could be exploited by an unauthorized user.